diff --git a/ci-operator/jobs/infra-periodics.yaml b/ci-operator/jobs/infra-periodics.yaml index 0d14e54e65f1a..5706f5016d75b 100644 --- a/ci-operator/jobs/infra-periodics.yaml +++ b/ci-operator/jobs/infra-periodics.yaml @@ -1,4 +1,63 @@ periodics: +- agent: kubernetes + labels: + ci.openshift.io/role: infra + cluster: default + cron: "30 7 * * 1" # Run at 07:30 UTC each Monday + decorate: true + name: periodic-acme-cert-issuer-for-build01 + skip_cloning: true + spec: + containers: + - args: + - -c + - | + set -o errexit + set -o nounset + set -o pipefail + oc --kubeconfig=/etc/build-farm-credentials/kubeconfig whoami + oc --kubeconfig=/etc/build-farm-credentials/kubeconfig project + /acme/acme.sh --version + /acme/acme.sh --issue --dns dns_aws -d '*.apps.build01.ci.devcluster.openshift.com' --home /data --dnssleep 60 --fullchain-file /data/app.fullchain.cer --key-file /data/app.key --force + ls -al /data + oc --kubeconfig=/etc/build-farm-credentials/kubeconfig -n openshift-ingress create secret tls app-cert --cert=/data/app.fullchain.cer --key=/data/app.key --dry-run -o yaml | oc --kubeconfig=/etc/build-farm-credentials/kubeconfig -n openshift-ingress apply -f - + /acme/acme.sh --issue --dns dns_aws -d 'api.build01.ci.devcluster.openshift.com' --home /data --dnssleep 60 --fullchain-file /data/apiserver.fullchain.cer --key-file /data/apiserver.key --force + ls -al /data + oc --kubeconfig=/etc/build-farm-credentials/kubeconfig -n openshift-config create secret tls apiserver-cert --cert=/data/apiserver.fullchain.cer --key=/data/apiserver.key --dry-run -o yaml | oc --kubeconfig=/etc/build-farm-credentials/kubeconfig -n openshift-config apply -f - + command: + - /bin/bash + env: + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-ci-infra-openshift-ci-robot-credentials + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-ci-infra-openshift-ci-robot-credentials + key: AWS_SECRET_ACCESS_KEY + image: "registry.svc.ci.openshift.org/ci/ca-cert-issuer:latest" + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 500m + volumeMounts: + - mountPath: /data + name: data + - mountPath: /etc/build-farm-credentials + name: build-farm-credentials + readOnly: true + volumes: + - name: data + emptyDir: {} + - name: build-farm-credentials + secret: + items: + - key: sa.ca-cert-issuer.build01.config + path: kubeconfig + secretName: build-farm-credentials - agent: kubernetes labels: ci.openshift.io/role: infra diff --git a/ci-operator/jobs/openshift/release/openshift-release-master-postsubmits.yaml b/ci-operator/jobs/openshift/release/openshift-release-master-postsubmits.yaml index 6058f0c968020..92a369ba8b6ba 100644 --- a/ci-operator/jobs/openshift/release/openshift-release-master-postsubmits.yaml +++ b/ci-operator/jobs/openshift/release/openshift-release-master-postsubmits.yaml @@ -1,5 +1,60 @@ postsubmits: openshift/release: + - agent: kubernetes + branches: + - master + decorate: true + labels: + ci.openshift.io/role: infra + name: branch-ci-openshift-release-master-build01-apply + spec: + containers: + - args: + - --config-dir=clusters/build-clusters/01_cluster + - --confirm=true + - --kubeconfig=/etc/build-farm-credentials/kubeconfig + - --context=ci/api-build01-ci-devcluster-openshift-com:6443 + command: + - applyconfig + env: + - name: build01_build01_reg_auth_value + valueFrom: + secretKeyRef: + key: build01_build01_reg_auth_value.txt + name: build-farm-credentials + - name: build01_ci_reg_auth_value + valueFrom: + secretKeyRef: + key: build01_ci_reg_auth_value.txt + name: build-farm-credentials + - name: github_client_secret + valueFrom: + secretKeyRef: + key: build01_github_client_secret + name: build-farm-credentials + - name: slack_api_url + valueFrom: + secretKeyRef: + key: url + name: ci-slack-api-url + image: registry.svc.ci.openshift.org/ci/applyconfig:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/build-farm-credentials + name: build-farm-credentials + readOnly: true + serviceAccountName: config-updater + volumes: + - name: build-farm-credentials + secret: + items: + - key: sa.config-updater.build01.config + path: kubeconfig + secretName: build-farm-credentials - agent: kubernetes branches: - ^master$ diff --git a/ci-operator/jobs/openshift/release/openshift-release-master-presubmits.yaml b/ci-operator/jobs/openshift/release/openshift-release-master-presubmits.yaml index ad9903a8cfa2d..8a1e1fccaef24 100644 --- a/ci-operator/jobs/openshift/release/openshift-release-master-presubmits.yaml +++ b/ci-operator/jobs/openshift/release/openshift-release-master-presubmits.yaml @@ -46,6 +46,65 @@ presubmits: requests: cpu: 10m trigger: (?m)^/test( | .* )build-farm-consistency,?($|\s.*) + - agent: kubernetes + always_run: true + branches: + - master + context: ci/build-farm/build01-dry + decorate: true + name: pull-ci-openshift-release-master-build01-dry + rerun_command: /test build01-dry + spec: + containers: + - args: + - --config-dir + - clusters/build-clusters/01_cluster + - --kubeconfig + - /etc/build-farm-credentials/kubeconfig + - --context + - ci/api-build01-ci-devcluster-openshift-com:6443 + command: + - applyconfig + env: + - name: build01_build01_reg_auth_value + valueFrom: + secretKeyRef: + key: build01_build01_reg_auth_value.txt + name: build-farm-credentials + - name: build01_ci_reg_auth_value + valueFrom: + secretKeyRef: + key: build01_ci_reg_auth_value.txt + name: build-farm-credentials + - name: github_client_secret + valueFrom: + secretKeyRef: + key: build01_github_client_secret + name: build-farm-credentials + - name: slack_api_url + valueFrom: + secretKeyRef: + key: url + name: ci-slack-api-url + image: registry.svc.ci.openshift.org/ci/applyconfig:latest + imagePullPolicy: Always + name: "" + resources: + requests: + cpu: 10m + volumeMounts: + - mountPath: /etc/build-farm-credentials + name: build-farm-credentials + readOnly: true + serviceAccountName: config-updater + volumes: + - name: build-farm-credentials + secret: + items: + - key: sa.config-updater.build01.config + path: kubeconfig + secretName: build-farm-credentials + trigger: (?m)^/test( | .* )build01-dry,?($|\s.*) - agent: kubernetes always_run: true branches: diff --git a/core-services/prow/02_config/_plugins.yaml b/core-services/prow/02_config/_plugins.yaml index 53f39a302206c..95f81274d2521 100644 --- a/core-services/prow/02_config/_plugins.yaml +++ b/core-services/prow/02_config/_plugins.yaml @@ -235,6 +235,8 @@ config_updater: name: ci-operator-misc-configs ci-operator/config/**/*master*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg @@ -591,6 +593,8 @@ config_updater: name: prow-job-cluster-launch-installer-custom-test-image ci-operator/templates/openshift/installer/cluster-launch-installer-e2e.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg @@ -633,12 +637,16 @@ config_updater: name: prow-job-cluster-launch-installer-remote-libvirt-e2e ci-operator/templates/openshift/installer/cluster-launch-installer-src.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: prow-job-cluster-launch-installer-src ci-operator/templates/openshift/installer/cluster-launch-installer-upi-e2e.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg @@ -703,66 +711,88 @@ config_updater: name: grafana-dashboard-definitions-0 cluster/test-deploy/aws-4.0/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-aws-centos-40 cluster/test-deploy/aws-atomic/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-aws-atomic cluster/test-deploy/aws-centos/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-aws-centos cluster/test-deploy/aws-gluster/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-aws-gluster cluster/test-deploy/gcp-4.0/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-gcp-40 cluster/test-deploy/gcp-crio/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-gcp-crio cluster/test-deploy/gcp-ha-static/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-gcp-ha-static cluster/test-deploy/gcp-ha/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-gcp-ha cluster/test-deploy/gcp-logging/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-gcp-logging cluster/test-deploy/gcp/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg name: cluster-profile-gcp cluster/test-deploy/ovirt/*.yaml: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ci default: - ci - ci-stg @@ -815,6 +845,8 @@ config_updater: name: releases core-services/release-controller/_repos/*: clusters: + ci/api-build01-ci-devcluster-openshift-com:6443: + - ocp default: - ocp name: base-repos